All Cloudflare Customers Protected from Atlassian Confluence CVE-2023-22515


On 2023-10-04 at 13:00 UTC, Atlassian released details of a zero-day vulnerability described as “Privilege Escalation Vulnerability in Confluence Data Center and Server” (CVE-2023-22515), which impacts Confluence Server and Data Center products.

Cloudflare was warned about the vulnerability before the advisory was published and worked with Atlassian to proactively apply protective WAF rules for all customers. All Cloudflare customers, including those on the Free plan, received the protection enabled by default. On 2023-10-03 at 14:00 UTC the Cloudflare WAF team released the following managed rules to protect against the first variant of the vulnerability observed in real traffic.

Rule set              Rule ID            Description                                                        Default Action
New Managed Rules     …ec9f34e1          Atlassian Confluence – Privilege Escalation – CVE:CVE-2023-22515   Block
Legacy Managed Rules  100604 and 100605  Atlassian Confluence – Privilege Escalation – CVE:CVE-2023-22515   Block
Free Managed Rule     …91935fcb          Atlassian Confluence – Privilege Escalation – CVE:CVE-2023-22515   Block

When CVE-2023-22515 is exploited, an attacker can reach publicly accessible Confluence Data Center and Server instances, create unauthorized Confluence administrator accounts, and then use those accounts to access the instance. According to the advisory, Atlassian assesses the vulnerability as critical. At the time of writing a CVSS score has not yet been published. More information, including which versions of Confluence Server are affected, can be found in the security advisory.
